Re: DJB's students release 44 *nix software vulnerability advisories

From: milw0rm Inc. (milw0rm_at_gmail.com)
Date: 12/21/04

Next message: Marcus Meissner: "SUSE Security Announcement: various kernel problems (SUSE-SA:2004:044)"

Previous message: Jonathan T Rockway: "Re: DJB's students release 44 *nix software vulnerability advisories"
In reply to: Jonathan T Rockway: "Re: DJB's students release 44 *nix software vulnerability advisories"
Next in thread: Antoine Martin: "Re: DJB's students release 44 *nix software vulnerability advisories"
Reply: Antoine Martin: "Re: DJB's students release 44 *nix software vulnerability advisories"
Reply: Jack Lloyd: "Re: DJB's students release 44 *nix software vulnerability advisories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 21 Dec 2004 14:34:20 -0600
To: bugtraq@securityfocus.com

/*
Two points.
Regarding local versus remote, look at it this way: You have a 100%
secure system. Then you install NASM. Now a user FROM THE NETWORK can
send you some tainted assembly code for you to assemble and he can
compromise your account.
*/

quote "for you to assemble"

Its a user error. Your not remotely exploiting anything but the trust
from the user.

//str0ke

Next message: Marcus Meissner: "SUSE Security Announcement: various kernel problems (SUSE-SA:2004:044)"

Previous message: Jonathan T Rockway: "Re: DJB's students release 44 *nix software vulnerability advisories"
In reply to: Jonathan T Rockway: "Re: DJB's students release 44 *nix software vulnerability advisories"
Next in thread: Antoine Martin: "Re: DJB's students release 44 *nix software vulnerability advisories"
Reply: Antoine Martin: "Re: DJB's students release 44 *nix software vulnerability advisories"
Reply: Jack Lloyd: "Re: DJB's students release 44 *nix software vulnerability advisories"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: DJBs students release 44 *nix software vulnerability advisories
... Then you install NASM. ... > send you some tainted assembly code for you to assemble and he can ... That is why it is considered remote. ... You still need a local account: the one used by the user coaxed into ...
(Bugtraq)
Re: DJBs students release 44 *nix software vulnerability advisories
... > Regarding local versus remote, look at it this way: ... because of a bug in the HTML parser of their web browser, ... But at the point you assemble it, ... difference between running code that you don't know, ...
(Bugtraq)
Re: DJBs students release 44 *nix software vulnerability advisories
... > secure system. ... > send you some tainted assembly code for you to assemble and he can ... That is why it is considered remote. ... And so we have a distinction without meaning. ...
(Bugtraq)
Re: DJBs students release 44 *nix software vulnerability advisories
... > Regarding local versus remote, look at it this way: ... Then you install NASM. ... gentoo systems by compromising one of the master servers (or more ... this exploit to compromise the system. ...
(Bugtraq)
Re: DJBs students release 44 *nix software vulnerability advisories
... Then you install NASM. ... > send you some tainted assembly code for you to assemble and he can ... > compromise your account. ... That is why it is considered remote. ...
(Bugtraq)